Prediction market platform Polymarket is suspected of suffering a data breach, with over 300,000 records and a vulnerability exploit kit leaked.

2026-04-29 02:29:03
According to Huoxun Finance, the decentralized prediction market platform Polymarket is suspected of having been hacked. A threat actor using the name xorcat posted over 300,000 data records and a corresponding exploit kit on a well-known cybercrime forum. The attacker used unpublished API endpoints, pagination bypasses, and CORS misconfigurations in the Polymarket Gamma and CLOB APIs to extract data.

The leaked data includes complete personal information for 10,000 users (including names, proxy wallets, and base addresses), 4,111 comments, 1,000 report records (including 58 ETH addresses and administrator authentication address identifiers), 48,536 Gamma market metadata entries, over 250,000 active CLOB market fixed-product market maker addresses, and social graph data from 9,000 followers.

The toolkit contains proof-of-concept code for multiple vulnerabilities, including CVE-2025-62718 (Axios NO_PROXY bypass, CVSS 9.9, which can trigger server-side request forgery), CVE-2024-51479 (Next.js middleware authentication bypass, CVSS 7.5), and the CORS misconfiguration. It also includes an automated continuous fetch script and a complete red team report.